Enable libFuzzer's afl_driver to append stderr to a file.

Summary: [libFuzzer] Enable afl_driver to append stderr to a user specified file. Append stderr of afl_driver to the file specified by the environmental variable AFL_DRIVER_STDERR_DUPLICATE_FILENAME if it is set. This lets users see outputs on crashes without rerunning crashing test cases (which won't work for crashes that are difficult to reproduce). Before this patch, stderr would only be sent to afl-fuzz and users would have no way of seeing it. Reviewers: llvm-commits, aizatsky, kcc, vitalybuka Subscribers: vitalybuka Differential Revision: http://reviews.llvm.org/D21194 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@272858 91177308-0d34-0410-b5e6-96231b3b80d8
CAHollenbeck · Jun 16, 2016 · 35825a3 · 35825a3
1 parent 60cc497
commit 35825a3
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 0 deletions.
diff --git a/lib/Fuzzer/afl/afl_driver.cpp b/lib/Fuzzer/afl/afl_driver.cpp
@@ -60,6 +60,25 @@ static volatile char suppress_warning1 = AFL_DEFER_FORKSVR[0];
 static const size_t kMaxAflInputSize = 1 << 20;
 static uint8_t AflInputBuf[kMaxAflInputSize];
 
+// If the user asks us to duplicate stderr, then do it.
+static void maybe_duplicate_stderr() {
+  char* stderr_duplicate_filename =
+      getenv("AFL_DRIVER_STDERR_DUPLICATE_FILENAME");
+
+  if (!stderr_duplicate_filename)
+    return;
+
+  FILE* stderr_duplicate_stream =
+      freopen(stderr_duplicate_filename, "a+", stderr);
+
+  if (!stderr_duplicate_stream) {
+    fprintf(stderr,
+            "Failed to duplicate stderr to AFL_DRIVER_STDERR_DUPLICATE_FILENAME"
+            );
+    abort();
+  }
+}
+
 int main(int argc, char **argv) {
   fprintf(stderr, "Running in AFl-fuzz mode\nUsage:\n"
                   "afl-fuzz [afl-flags] %s [N] "
@@ -70,6 +89,8 @@ int main(int argc, char **argv) {
     LLVMFuzzerInitialize(&argc, &argv);
   // Do any other expensive one-time initialization here.
 
+  maybe_duplicate_stderr();
+
   __afl_manual_init();
 
   int N = 1000;

diff --git a/lib/Fuzzer/test/AFLDriverTest.cpp b/lib/Fuzzer/test/AFLDriverTest.cpp
@@ -0,0 +1,12 @@
+#include <stdint.h>
+#include <stdlib.h>
+
+extern "C" void __afl_manual_init() {}
+
+extern "C" int __afl_persistent_loop(unsigned int) {
+  return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  return 0;
+}
diff --git a/lib/Fuzzer/test/CMakeLists.txt b/lib/Fuzzer/test/CMakeLists.txt
@@ -109,6 +109,19 @@ foreach(Test ${Tests})
   add_libfuzzer_test(${Test} SOURCES ${Test}.cpp)
 endforeach()
 
+###############################################################################
+# AFL Driver test
+###############################################################################
+
+add_executable(AFLDriverTest
+  AFLDriverTest.cpp ../afl/afl_driver.cpp)
+
+set_target_properties(AFLDriverTest
+    PROPERTIES RUNTIME_OUTPUT_DIRECTORY
+    "${CMAKE_BINARY_DIR}/lib/Fuzzer/test"
+    )
+set(TestBinaries ${TestBinaries} AFLDriverTest)
+
 ###############################################################################
 # Unit tests
 ###############################################################################

diff --git a/lib/Fuzzer/test/afl-driver.test b/lib/Fuzzer/test/afl-driver.test
@@ -0,0 +1,10 @@
+; Test that not specifying a file isn't broken.
+RUN: unset AFL_DRIVER_STDERR_DUPLICATE_FILENAME
+RUN: AFLDriverTest
+
+; Test that specifying an invalid file causes a crash.
+RUN: AFL_DRIVER_STDERR_DUPLICATE_FILENAME="%T" not --crash AFLDriverTest
+
+; Test that a file is created when specified as the duplicate stderr.
+RUN: AFL_DRIVER_STDERR_DUPLICATE_FILENAME=%t AFLDriverTest
+RUN: stat %t